It’s neat when something you worked on five years earlier continues to grow like wildfire. That’s what’s happened at the Georgia Tech Research Institute (GTRI), thanks to a strategic communication effort that captured the world’s attention.
I’ve decided to take a look back at the project because today is a big day on our campus. More than 400 people from government, industry, and academia are here to attend Georgia Tech’s annual Cyber Security Summit. It’s also the day we release our 2016 Emerging Threats Report. And this year we’re also launching a brand new interdisciplinary research institute – the Institute for Information Security and Privacy – which is an exciting new joint effort between GTRI and the Georgia Tech College of Computing.
Today, GTRI’s Cyber Technology and Information Security Laboratory is the fastest growing lab at GTRI. Over the past 5 years, it has won nearly $259M in sponsored research awards from government and industry. It’s also home to more than 230 researchers, staff, and students.
But that’s not how things started…
In 2010, I was Senior Director of Communication for GTRI. The organization wanted to become an international leader in cyber security. We had the experts and we were cobbling them together to create a new cyber-focused lab. But it took a good strategy to get the right people to take notice.
We wanted to build broad name recognition with key audiences before we announced the new lab was being formed. We identified a small internally funded project in which researchers used off-the-shelf graphics processing cards to crack encrypted 7 character passwords in a few short hours. They were recommending that new passwords be 12 characters, with anything less being ‘hopelessly inadequate.’ It had all the elements of a story that could capture broad interest. In August 2010, we issued a news release and it took off like a rocket.
The wave of publicity put GTRI on the map as a major player in cyber security research. At the time, it was the organization’s most successful media relations effort. It was followed by the new lab announcement, and another release detailing the new lab’s first major cybersecurity research grant – $10M from the U.S. Department of Homeland Security.
Here are the details…
Making it Understandable: It’s no secret, one of the toughest things about publicizing research is making it understandable – but not making it so simple that it seems trivial to other experts in the field. Finding balance is the key. In this case, we wrote about what had been done and focused our attention on the impact of the research – what it meant to people like you and me.
Preparing the Researchers: Another big challenge was dealing with the overwhelming number of media requests that flooded the department – and coordinating interview for our lead researchers, who had little prior media experience. This involved helping them fine-tune messages so they could be understood by a general audience. We also closely monitored media coverage to determine how the messages were being reported.
Web Explosion: The story immediately became the most popular page on the GTRI website, with more than 23,360 page views. It was viewed another 6,195 times on the main Georgia Tech website. For a short time, the news release page surpassed the GTRI homepage in popularity – which was a first.
News Media & Blogs: More than 100 major news outlets picked up the story. At the time, we estimated that the story’s reach was well beyond 115M people. It was popular with the security-related blogs too. Dozens of them ran the story and the comments that followed were largely positive.
Researchers in the Media: The lead researchers did a great job handling the interviews about their own research, but the attention didn’t stop there. They started to be called upon to serve as experts on other cyber-related stories. Fox News Channel (11/16/10) featured a live interview with a researcher for a story about traffic from U.S. Government web sites being redirected to China. The Atlanta Journal-Constitution (4/10/11) asked our experts to participate in a Sunday feature titled “Password Overload.”
Public Citation: You know you’ve made an impact when other experts and organizations reference your work. CNN (7/2/11) ran a story about battling password hackers and the interviewee (from another organization) cited our password cracking work in his responses. Two companies also referenced GTRI’s password security recommendations in news releases promoting their own products. Both releases (10/10 and 6/11) included links to our full story, which provided additional exposure for our work within the information security community.
Generating New Contracts: The Cyber Technology and Information Security Laboratory won its first large research contract, $10M from the Department of Homeland Security. This happened in the months following the release of the password cracking story and the announcement of the lab’s formation.
Part of the Wikipedia Record: The research was also included in the Wikipedia article for ‘Password Strength.’ The article cites the 2010 research program that started it all.
Exhausting Every Resource: We also used our own resources to communicate the research to key audiences directly. It was presented as a full-page feature in GTRI’s 75th Anniversary Annual Report, and it was included as part of a broader cyber security feature story in the Winter/Spring 2011 issue of Georgia Tech’s Research Horizons Magazine. We also shared the story on four different Georgia Tech twitter accounts, two Facebook pages and with the GTRI LinkedIn group.
Laughing at Ourselves: The password cracking research was also covered by a satirical news website out of the UK called NewsThump. The title of the story was “If you can remember your password then it’s hopelessly inadequate, warn researchers.” (I think the researchers still have a copy framed on the wall in their lab.)
I also had to (gently) counsel one of our researchers who responded to a media question about password security by saying “you’re screwed.” (…And yes, it was printed exactly like that.)
Finally, on the day of the research team photo shoot; one of the fellows wore a hideous green sweater. It’s immortalized in the photos and has become a recurring joke for the last five years. He still has the sweater too.
That’s the story…
So that’s how strategic communication sparked the growth of cyber security research at GTRI.
I cite many numbers in this post to illustrate the level of activity, but the real results are seen in the rapid reputational and funding growth Georgia Tech has experienced in this critical research area.
If you want to see what we’re up to now, check out the cyber security feature in the most recent issue of our Research Horizons Magazine or visit the new Institute for Information Security and Privacy online.